1. Field of the Invention
The present disclosure relates to verification of user identity. More specifically, the present disclosure relates to verification of user identity using memorable personal questions.
2. Related Art
The increased popularity of the Internet has changed modern life significantly. Many conventional activities have been transferred to the Internet, and users now go online for daily activities such as shopping, banking, and even social activities. For reasons of security and confidentiality, a website often requires a user to set up a password-protected user account before using its web service.
However, once in a while a user may forget the password for his account and will need the website to reset it. Before the website resets a user's password, the website verifies the identity of the user. In order to facilitate user identity verification, when setting up an account, a user is often required to manually input answers to a set of simple personal questions, sometimes referred to as security questions or challenges. For example, the user may need to input his mother's maiden name, the name of his childhood pet, or the name of the high school he graduated from. Such information is then stored in the user's profile. When the user requests a password reset, the website asks him the same set of questions. By comparing the answer the user gives at that time with the information stored in his profile, the website can determine whether the user requesting the password reset is indeed the original user who set up the account.
Currently, the questions asked by websites for user authentication are often drawn from a very small question space, with the same questions used for authentication of entities with different levels of trustworthiness. Therefore, it is possible for an attacker to collect a user's answers to the security questions from one place and use the same answers at a different place to impersonate the user.
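The enrollment and reset check described above, as an added example that is not part of the original disclosure: two hypothetical sites draw from the same three-question catalogue, and the constructed sample answers show that per-site salted storage does not stop answers learned at one site from passing verification at the other. The class, function and variable names, the PBKDF2 parameters, and the sample data are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed catalogue: both hypothetical sites ask the same three questions.
QUESTIONS = ("mother_maiden_name", "childhood_pet", "high_school")


def normalize(answer: str) -> bytes:
    """Fold Unicode form, case and whitespace so ' REX ' matches 'rex'."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split()).encode("utf-8")


def digest(answer: str, salt: bytes) -> bytes:
    # Salted PBKDF2 (iteration count is illustrative) instead of plaintext storage.
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, 100_000)


class Site:
    """Hypothetical website keeping challenge answers in user profiles."""

    def __init__(self) -> None:
        self.profiles = {}  # user -> {question: (salt, digest)}

    def enroll(self, user: str, answers: dict) -> None:
        salts = {q: os.urandom(16) for q in QUESTIONS}
        self.profiles[user] = {q: (s, digest(answers[q], s)) for q, s in salts.items()}

    def verify_for_reset(self, user: str, answers: dict) -> bool:
        profile = self.profiles.get(user)
        if profile is None:
            return False
        ok = True
        for question, (salt, stored) in profile.items():
            candidate = digest(answers.get(question, ""), salt)
            # Constant-time compare; evaluate every question before deciding.
            ok &= hmac.compare_digest(candidate, stored)
        return ok


# Constructed sample data: one user enrolls the same answers at both sites.
ANSWERS = {"mother_maiden_name": "Okafor", "childhood_pet": "Rex", "high_school": "Lincoln High"}
forum, bank = Site(), Site()
forum.enroll("alice", ANSWERS)
bank.enroll("alice", ANSWERS)
# Answers learned at the forum pass the bank's check despite separate salts.
REPLAYED = {q: a.upper() + " " for q, a in ANSWERS.items()}
print(bank.verify_for_reset("alice", REPLAYED))
```

Hashing protects the stored profile if a database leaks, but the check still accepts anyone who knows the plaintext answers, which is why the size of the question space matters.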
To avoid such a problem, it is desirable to ask a user security questions drawn from a large question space that includes a great variety of questions. However, the answers to a large number of questions may be difficult to remember for the user.
Hence, what is needed is a method that verifies a user's identity with a high level of confidence without burdening the user with many difficult-to-remember answers.